The number of cyber-attacks increases over the holidays. A combination of holiday stress and employees taking time off from work makes businesses and organizations more vulnerable. Therefore, we need to think about IT and information security. It's especially important to think about how your company's IT environment is managed and to have clear guidelines for remote work on weekends.
When it comes to the company's own IT environment, it is first and foremost important that the company's IT department is staffed at the same level as the rest of the year, if not more, given the increased volume of attacks. The number of cases reported to the help desk can be reduced, but all operating systems still need to be monitored. System updates always pose a high risk and should be postponed until operations are back to normal, if possible, unless there is a critical update.
It is also important to keep the focus on organizations' awareness of information security. A security culture where all employees stop, think, ask and react, reporting things that seem suspicious is necessary all year round. But not least before a christmas holidays 2024, when many will combine time off and work remotely.
Connected homes – increased business risk
Our homes are becoming increasingly connected. More and more so-called smart products are filling our homes and helping to make everyday life easier, but at the same time they create new security risks. Although this year's gift may be something knitted, there will surely be many hard gifts with lots of technology under the tree. Many times, the smart products only have a default password, and automatic software updates are missing, making these an easy catch for hackers.
Therefore, a well-thought-out security strategy should also include tips and advice on how to think about your own cybersecurity at home. As for the gifts, it can be anything from checking the extent of the manufacturer's software updates and setting up automatic updates on connected devices, to changing all preset passwords so that they are unique and difficult to crack. That the internet at home is delivered via a router that has built-in security function that protects all devices, an updated security program and firewall, is something that becomes important both for the employees privately and for all home offices. Basically, of course, it's also about not connecting things unnecessarily. If there is no concrete need, it is better to leave things offline.
We help companies and organizations create awareness of information security all year round. We do not recommend our customers to take breaks in security work during the holidays. The combination of "Q4 stress" and "staff’s need for vacation" is not an argument for taking safety lightly. Quite the opposite. Because cybercrime doesn't take vacations, neither can security.
Read more about our 2025 edition of our Information Security Awareness for all employees here.
Joakim Hvalby
